Skip to main content

Traditional ransomware defenses are failing businesses

security
(Image credit: Image Credit: ESB Professional / Shutterstock)

Traditional cybersecurity strategies are failing to protect organizations from ransomware attacks, new research suggests.

According to a paper from storage firm Cloudian, based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defenses set up at the time of the attack. 

However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see attacker enter the network through public cloud.

In the majority of cases, it takes them less than 12 hours to seize control of all data on a network and demand a ransom fee, Cloudian says. The average ransom payment sits at $223,000, while 14 percent paid at least $500,000 to get their data back. Companies that agreed to pay the ransom also lost an average of $183,000 on other costs related to recovery.

While cyber insurance covers about 60 percent of the costs, this still leaves quite the hole in the victim's pocket.

“The threat of ransomware will continue to plague organizations around the world if they do not change their approach and response to it,” said Jon Toor, CMO at Cloudian. “Cyberattacks can penetrate even the most robust defenses, so it’s critical that organizations prioritize being able to recover quickly from an attack.”

“The best way to do so is to have an immutable backup copy of your data, which prevents hackers from encrypting or deleting the data for a specified period of time. As a result, organizations can recover an unencrypted copy of their data in the event of an attack without having to pay the ransom.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.